Almost all attack vectors are increasing within healthcare organisations and that the risks posed by cyber attacks have grown significantly over the last year. That’s according to a survey carried out by One Poll on behalf of a cyber firm, that asked 100 cybersecurity managers working in UK healthcare.
George Patsis, CEO of Obrela Security Industries, said: “The most alarming findings are around medical IoT devices, which have experienced a 105 percent increase in attacks last year. Medical IoT devices are routinely being brought into the healthcare environment to automate processes. However, security is often an after-thought or not a high priority. Attackers exploit this loophole, and healthcare organisations need to act now before any serious damage is caused.”
When looking at the survey data from the study, 28 percent of UK healthcare organisations admitted to not being compliant with the European General Data Protection Regulation (the EU-wide GDPR). Healthcare organisations also revealed that 83 percent had experienced an increase in cyberattacks since the beginning of the pandemic, which has led to 80 percent receiving an increased security budget. However, 15 percent revealed that their security budgets have stayed the same despite the increase in attacks. When asked what makes UK healthcare organisations most vulnerable to cyberattacks, 50 percent said a lack of resources, 33 percent believe it is a lack of budget, 14 percent said a lack of skills.
The rises in cyber attacks reported cover targeting IT infrastructure; attacks by email, which could suggest ransomware; and insider attacks.
Patsis added: “Healthcare organisations hold some of the world’s most sensitive data, and our study shows many are completely unprepared for cyberattacks. Threat actors target valuable confidential data, making healthcare a growing target, and ransomware is steadily picking up pace as today’s cyber-weapon of choice. However, most organisations will not be able to identify a data leakage or a security compromise before it is too late. When protecting against cyberattacks and ransomware, healthcare executives need to realise that preventing all attacks is nearly impossible. Organisations must reassess their security towards operational resilience and their ability to deliver their intended outcome against adverse cyber events. Rather than buying the latest security technology, we need to understand that cybersecurity is not a product; it is a process. Therefore, we need to increase the visibility of the digital cyberspace, control access, identify malicious activity and respond to security threats and vulnerabilities before they become problems.”
The firm recently founded Obrela Security Industries GmbH, based in the Frankfurt am Main area, as a local subsidiary for the German-speaking market.
